Comments

Should this statement return true only when the rule is allowed for both roles, or does only one of them need to match?

A workaround would be to either check both roles separately and then merge the results as you need, or to create a new dummy role that inherits both roles and then check if it is allowed.

Posted by Louis Grenzebach (pknull) on 2008-07-01T22:56:06.000+0000

I believe it would return true if one matched, as you only need to be allowed on one level. In our environment people are given several roles, which typically coincide with various titles they may have. Some of these roles may not have permission to enter the area, while others do. I was hoping for a way to hand an array of the user's roles to the function, without having to loop through them (as your workaround suggested, and now, after the fact, what I ended up doing).

Here's my particular case:
I have a user, who has the roles of SiteAdmin, Teacher, and Staff. Of those roles, only two are allowed access to the view.

While the social hierarchy of these roles might imply the order of SiteAdmin > Teacher > Staff, we have cases where this order is changed, so that Teacher > SiteAdmin > Staff. There's also about a half dozen more roles on top of this.

It boils down to users having roles that are mutually exclusive of each other, but may have access to an item through one or more of those roles. I'm just trying to avoid unnecessary loops in my code where plausible.

Posted by Wil Sinclair (wil) on 2009-01-14T13:31:40.000+0000

Assigning to Ralph to get closure on this issue.

Posted by Ralph Schindler (ralph) on 2009-09-08T14:03:19.000+0000

So the proposed API, would that mean that all resources must share the same privilege or just one? In other words, given many roles, are you expecting it to be ANDed or ORed?
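
The two semantics asked about in the thread (ORed vs. ANDed) and the dummy-role workaround, written out against the existing `Zend_Acl` API as an added example; it is not code from the thread or from Zend Framework. The helper names `isAllowedAny` and `isAllowedAll`, the `view` resource id, the `user-42` role id, and the choice of SiteAdmin and Teacher as the two permitted roles are assumptions, and Zend Framework 1 is assumed to be on the include path.

```php
<?php
// Added example: Zend Framework 1 is assumed to be on the include path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

// Hypothetical helper, OR semantics: one permitted role is enough.
function isAllowedAny(Zend_Acl $acl, array $roles, $resource, $privilege = null)
{
    foreach ($roles as $role) {
        if ($acl->isAllowed($role, $resource, $privilege)) {
            return true;
        }
    }
    return false; // an empty role list grants nothing
}

// Hypothetical helper, AND semantics: every role must be permitted.
function isAllowedAll(Zend_Acl $acl, array $roles, $resource, $privilege = null)
{
    if (count($roles) === 0) {
        return false; // fail closed: "no roles" must not read as "all allowed"
    }
    foreach ($roles as $role) {
        if (!$acl->isAllowed($role, $resource, $privilege)) {
            return false;
        }
    }
    return true;
}

$acl = new Zend_Acl(); // denies everything until a rule allows it
foreach (array('SiteAdmin', 'Teacher', 'Staff') as $name) {
    $acl->addRole(new Zend_Acl_Role($name));
}
$acl->addResource(new Zend_Acl_Resource('view'));
$acl->allow(array('SiteAdmin', 'Teacher'), 'view'); // assumed: Staff gets no rule

$userRoles = array('SiteAdmin', 'Teacher', 'Staff');
var_dump(isAllowedAny($acl, $userRoles, 'view')); // ORed check
var_dump(isAllowedAll($acl, $userRoles, 'view')); // ANDed check

// Dummy-role workaround: one role that inherits all of the user's roles.
// Zend_Acl consults the parents starting from the last one listed.
$acl->addRole(new Zend_Acl_Role('user-42'), $userRoles);
var_dump($acl->isAllowed('user-42', 'view'));
```

With only allow rules the dummy role behaves like the ORed check; once an explicit `deny()` is set on one of the parents, the dummy role's answer depends on the order in which the parents are listed, while the loop-based helpers do not.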